Ubuntu VPN server setup

Want to use VPN to circumvent geo-IP detection on channel 4OD, BBC iPlayer etc whilst abroad?

Here’s a quick checklist.

Make sure your UK home network isn’t using a standard IP subnet (192.168.0.*, 192.168.1.* or 10.0.0.*). This is important as these addresses tend to allocated for hotel/airport wireless networks and home routers and you can’t VPN between addresses on the same subnet. I’m using 10.5.1.*.

Make sure your linux machine has a static address. Edit /etc/network/interfaces if necessary.

auto eth0
iface eth0 inet static

Setup port mapping on your router for port 1723 to the static address of your linux machine.

Get a dyndns account or similar and set it up so can find your machine whilst abroad.

Install the VPN server.

apt-get install pptpd

Edit /etc/pptpd.conf, add the following options. localip is the address of your linux machine, and remoteip is the range of address to allocate to VPN clients.


Edit /etc/ppp/pptpd-options, set the DNS server to give to clients. This should be the address of your broadband router.


Edit /etc/ppp/chap-secrets, add usernames/passwords. * means allow all client IP address which is probably what you want if roaming abroad.

# client        server  secret         IP addresses
joebloggs       pptpd   password123    *

Restart daemon to apply changes

/etc/init.d/pptpd restart

Edit /etc/sysctl.conf, enable forwarding if necessary. You’ll need to reboot to apply this change.

# Uncomment the next line to enable packet forwarding for IPv4

Client setup, example with windows XP, other clients probably similar.

  • Network connections – New connection
  • Connect to the network at my workplace, Next.
  • Virtual Private Nework Connection, Next.
  • Company Name, enter something random, Next.
  • Hostname, enter your dyndns hostname, Next.
  • Finish.
  • Select new connect, right click menu, connect.
  • Properties, Security, Advanced Custom, Settings…, Select “Allow these protocols”, un tick MS-CHAP and tick MS-CHAP v2. OK.
  • Enter username password, then Press Connect.

Leave a comment

Your email address will not be published.